Executives in the global telecommunications industry are heeding the need to fund enhanced security activities and have substantially improved technology safeguards, processes and strategies, with budgets rising, confidence high and the number and cost of detected incidents down, according to a PricewaterhouseCoopers (PwC) survey based on responses from 456 senior telecom executives.
While just more than half (53 percent) of the respondents saw themselves as industry front runners, more than one in four (28 percent) said they are better at getting the security strategy right than actually executing the plan. Smartphones, tablets and the bring-your-own-device (BYOD) trend have elevated security risks, yet only 45 percent of telecom respondents have launched mobile security strategy initiatives this year (just a 1 percent increase from 2012).
"Most telecom respondents say security spending is aligned with business objectives. In other words, they are starting to understand that security is an integral part of the business agenda—and can contribute to bottom-line benefits," the report noted. "This is critical because an evolved approach to security requires the support of informed top executives and an adequate budget that is aligned with business needs."
Although telecom information security budgets increased to an average of $5.4 million (a 35 percent gain over last year), confidence in security activities decreased from 87 percent in 2009 to 71 percent this year. Although confidence dropped, telecom respondents detected 17 percent fewer security incidents in the past 12 months and, despite the costs and complexity of responding to incidents, financial losses associated with telecom security incidents decreased 34 percent over the last year.
But while many telecommunications companies have raised the bar on security, their adversaries have done better. Threats are constantly multiplying and evolving. And hot-button technologies such as cloud computing, mobility and BYOD initiatives are implemented before they are secured. Many executives are hesitant to share security intelligence with others, forgoing a powerful offensive tool against targeted, dynamic attacks.
Meanwhile, compromise of employee and customer information increased substantially over last year, potentially jeopardizing an organization’s most valuable relationships. Also significant was a near-doubling of loss or damage of internal records. Just 4 percent of respondents reported security incidents perpetrated by foreign nation-states, with hackers representing a much more likely danger, attributed to 37 percent of incidents.
While 50 percent of telecom respondents report using cloud services—and 57 percent say the technology has improved security—only 20 percent included provisions for cloud in their security policy. Among telecoms, software as a service (SaaS) remains dominant but cloud-based platform-as-a-service (PaaS) options are showing strong growth, the report indicated.